Publishing details

Changelog

ruby2.5 (2.5.1-1ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - Mark some tests as failing on Launchpad.
    - Update symbols file.

ruby2.5 (2.5.1-1) unstable; urgency=medium

  * New upstream version 2.5.1.

    According to the release announcement, includes fixes for the following
    security issues:

    - CVE-2017-17742: HTTP response splitting in WEBrick
    - CVE-2018-6914: Unintentional file and directory creation with directory
      traversal in tempfile and tmpdir
    - CVE-2018-8777: DoS by large request in WEBrick
    - CVE-2018-8778: Buffer under-read in String#unpack
    - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
      UNIXServer and UNIXSocket
    - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in
      Dir
    - Multiple vulnerabilities in RubyGems
  * Refresh patches.

    Patches dropped for being already applied upstream:

    - 0005-Fix-tests-to-cope-with-updates-in-tzdata.patch
    - 0006-Rubygems-apply-upstream-patch-to-fix-multiple-vulner.patch
  * Add patch to fix FTBFS on ia64 (Closes: #889848)
  * Add simple autopkgtest to check for builtin extensions that are build
    against external dependencies (ssl, yaml, *dbm etc)
  * Add build-dependency on libgdbm-compat-dev (Closes: #892099)
  * debian/tests/excludes/any/TestTimeTZ.rb: ignore tests failing due to
    assumptions that don't hold on newer tzdata update. Upstream bug:
    https://bugs.ruby-lang.org/issues/14655
  * debian/libruby2.5.symbols: update with new symbol added in this release

 -- Matthias Klose <email address hidden>  Mon, 02 Apr 2018 22:15:10 +0200

Available diffs

Builds

Built packages

Package files